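<?php
// Authentication gate for the order-creation page.
// The session is started once here; a second session_start() on the same
// request only produces a notice, so the duplicate call has been dropped.
session_start();

// empty() covers both "key not set" and "falsy value" without needing the
// @ error-suppression operator.
if (empty($_SESSION['username'])) {
	// A client-side redirect alone does not stop the script: without the
	// exit below, the order handler further down would still run for a
	// request that has no authenticated session.
	header('Location: login.php');
	echo "<script>window.location.href='login.php';</script>";
	exit;
}
?>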
<!DOCTYPE html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>add ticket</title>
</head>
<body>
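	<?php
		// Order-creation handler: checks the posted fields, refuses a duplicate
		// order for the same user / sid / site_type, copies the price from
		// ob_ticket and inserts the row into ob_order.
		//
		// NOTE(review): this state-changing POST carries no anti-CSRF token. The
		// form that posts here is not visible in this file, so a token check has
		// to be added on both sides.
		include_once('../../libraries/esaydb.class.php');

		// Defence in depth: the gate at the top of the file tests 'username',
		// while every query below is keyed on 'uid'. Refuse to continue when
		// the session carries no uid.
		if (empty($_SESSION['uid'])) {
			echo "<script>window.location.href='login.php';</script>";
			exit;
		}

		// Every request field the queries below read. Each must be present and
		// a plain string: PHP turns "sid[]=1" into an array, which must not
		// reach the bound query parameters.
		$requiredFields = array('sid', 'site_type', 'idcard', 'user-name', 'user-tel', 'email');
		$map = array();
		$inputOk = true;
		foreach ($requiredFields as $field) {
			if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
				$inputOk = false;
				break;
			}
			$map[$field] = $_POST[$field];
		}
		// sid and site_type identify the ticket, so they may not be blank.
		if ($inputOk && ($map['sid'] === '' || $map['site_type'] === '')) {
			$inputOk = false;
		}

		if ($inputOk) {
			$db = new EasyDB();

			// Reject a second order for the same ticket by the same user.
			// NOTE(review): this check and the INSERT below are separate
			// statements; a unique key on (uid, sid, site_type) would be needed
			// for it to hold under concurrent requests. Schema not visible here.
			$sqlStation = "SELECT rid FROM ob_order WHERE sid = ? AND uid = ? AND site_type = ?";
			$resutlStation = $db->queryOne($sqlStation, array($map['sid'], $_SESSION['uid'], $map['site_type']));
			if ($resutlStation) {
				echo "<script>alert('已存在该订单');history.go(-1);</script>";
				exit(1);
			}

			// The price is always taken from the ticket table, never from the
			// request, so the client cannot choose what it pays.
			$sqlData = "SELECT * FROM ob_ticket WHERE sid = ? AND site_type = ?";
			$resultData = $db->queryOne($sqlData, array($map['sid'], $map['site_type']));

			if (!$resultData || !isset($resultData['price'])) {
				// No matching ticket: without this check the order would be
				// stored with an empty price.
				echo "<script>alert('参数错误');history.go(-1);window.close();</script>";
			} else {
				$map['price'] = $resultData['price'];

				$sqlOrderAdd = "INSERT INTO ob_order SET uid = ?, sid = ?, idcard = ?, name = ?, telphone = ?, email = ?, site_type = ?, price = ?";
				$resultOrder = $db->querySql($sqlOrderAdd, array($_SESSION['uid'], $map['sid'], $map['idcard'], $map['user-name'], $map['user-tel'], $map['email'], $map['site_type'], $map['price']));
				if ($resultOrder) {
					echo "<script>alert('添加成功，请进入订单页付款');history.go(-1);window.close();</script>";
				} else {
					echo "<script>alert('添加失败');history.go(-1);window.close();</script>";
				}
			}
		} else {
			// Empty POST, missing field, or a non-string value.
			echo "<script>alert('参数错误');history.go(-1);window.close();</script>";
		}
	?>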
</body>
</html>